Bug 28941: Filter suggestion inputs at the OPAC
The following sequence is bad: 46 my $suggestion = $input->Vars; 181 &NewSuggestion($suggestion); All columns can be set when we insert the suggestion into the DB. We definitely want to avoid the following fields being set by the end user: acceptedby, accepteddate, STATUS, etc. Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Julian Maurice <julian.maurice@biblibre.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This commit is contained in:
parent
e4f441cc14
commit
cc33f71b2a
1 changed files with 18 additions and 8 deletions
@ -38,12 +38,26 @@ use Koha::DateUtils;
|
|||
my $input = CGI->new;
|
||||
my $op = $input->param('op') || 'else';
|
||||
my $biblionumber = $input->param('biblionumber');
|
||||
my $suggestion = $input->Vars;
|
||||
my $negcaptcha = $input->param('negcap');
|
||||
my $suggested_by_anyone = $input->param('suggested_by_anyone') || 0;
|
||||
my $title_filter = $input->param('title_filter');
|
||||
my $need_confirm = 0;
|
||||
|
||||
my $suggestion = {
|
||||
title => scalar $input->param('title'),
|
||||
author => scalar $input->param('author'),
|
||||
copyrightdate => scalar $input->param('copyrightdate'),
|
||||
isbn => scalar $input->param('isbn'),
|
||||
publishercode => scalar $input->param('publishercode'),
|
||||
collectiontitle => scalar $input->param('collectiontitle'),
|
||||
place => scalar $input->param('place'),
|
||||
quantity => scalar $input->param('quantity'),
|
||||
itemtype => scalar $input->param('itemtype'),
|
||||
branchcode => scalar $input->param('branchcode'),
|
||||
patronreason => scalar $input->param('patronreason'),
|
||||
note => scalar $input->param('note'),
|
||||
};
|
||||
|
||||
# If a spambot accidentally populates the 'negcap' field in the sugesstions form, then silently skip and return.
|
||||
if ($negcaptcha ) {
|
||||
print $input->redirect("/cgi-bin/koha/opac-suggestions.pl");
|
||||
|
@ -80,11 +94,6 @@ else {
|
|||
);
|
||||
}
|
||||
|
||||
# don't pass 'negcap' column to DB, else DBI::Class will error
|
||||
# DBIx::Class::Row::store_column(): No such column 'negcap' on Koha::Schema::Result::Suggestion at Koha/C4/Suggestions.pm
|
||||
delete $suggestion->{negcap};
|
||||
delete $suggestion->{$_} foreach qw<op suggested_by_anyone confirm>;
|
||||
|
||||
if ( $op eq 'else' ) {
|
||||
if ( C4::Context->preference("OPACViewOthersSuggestions") ) {
|
||||
if ( $borrowernumber ) {
|
||||
|
@ -152,12 +161,12 @@ if ( $op eq "add_confirm" ) {
|
|||
elsif ( @$suggestions_loop >= 1 ) {
|
||||
|
||||
#some suggestion are answering the request Donot Add
|
||||
for my $suggestion (@$suggestions_loop) {
|
||||
for my $s (@$suggestions_loop) {
|
||||
push @messages,
|
||||
{
|
||||
type => 'error',
|
||||
code => 'already_exists',
|
||||
id => $suggestion->{suggestionid}
|
||||
id => $s->{suggestionid}
|
||||
};
|
||||
last;
|
||||
}
|
||||
|
@ -172,6 +181,7 @@ if ( $op eq "add_confirm" ) {
|
|||
}
|
||||
$suggestion->{suggesteddate} = dt_from_string;
|
||||
$suggestion->{branchcode} = $input->param('branchcode') || C4::Context->userenv->{"branch"};
|
||||
$suggestion->{STATUS} = 'ASKED';
|
||||
|
||||
&NewSuggestion($suggestion);
|
||||
$patrons_pending_suggestions_count++;
|
||||
|
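Review bot: The new `my $suggestion = { ... }` hash in the first hunk is the allowlist that keeps form input out of server-owned columns, but nothing in the code says so, and the next maintainer adding a form field may not realise that every key here goes straight to the DB row; a comment above it such as `# Allowlist of form fields a patron may set; STATUS, suggesteddate, acceptedby etc. are assigned server-side below, never from CGI input.` would make the intent explicit. With `branchcode` now read into the hash up front, the unchanged line `$suggestion->{branchcode} = $input->param('branchcode') || C4::Context->userenv->{"branch"};` in the last hunk re-reads the parameter and could be reduced to `$suggestion->{branchcode} ||= C4::Context->userenv->{"branch"};`. Whether `suggestedby` is likewise set from the session rather than from input is outside the visible hunks, so it cannot be confirmed here.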